
9/23/2013

posted Sep 24, 2013, 6:42 PM by Rick McGee
Watched video 29 all about the Nexus 1000V
 
The Nexus 1000V really acts as a virtualized NX-OS Nexus 7K switch with a pair of supervisors and up to 64 line card/module slots.
 
Runs on a VMware ESXi host, Hyper-V, or a Cisco 1100 appliance (Hyper-V requires the 1100)
 
Nexus 1000V creates a DVS or vDS (virtual distributed switch) in VMware
 
Nexus 1000V is made up of:
 
Virtual Supervisor Module (VSM) (control and management plane)
Virtual Ethernet Module (VEM) (Data Plane)
    Install as a software plugin
    Used in lieu of the VMware VDS or together with it
 
Within the Nexus 1000V you can add the following modules
    Virtual Security Gateway (VSG) (doesn't use up one of the 64 line card/module slots)
            Just like a service module
            Protects traffic East to West and VM to VM
    ASA 1000v
            Full feature firewall
    vWAAS
            Compression
    vNAM
    Nexus 1000v Inter Cloud   
            This provides L2 elastic networks between public and private cloud
                    Think between a DC and Amazon Web Services, you need extra servers for a sale that you will use temporarily
    Cloud Services Router
            IOS XE ASR 1000 ported over to a virtualized environment
            Can support MPLS, LISP, OTV
            Can support designs such as an AWS Cloud Services Router connecting to a physical ASR 1000 router at an HQ
    Virtual Network Management Center (VNMC)
            Uses vPath for data interception/Control
                    Each server in the data center is represented as a line card in the Cisco Nexus 1000V and can be managed as if it were a line card in a physical switch.
    Essential vs Advanced
            Both support: L2 switching, VLANs, private VLANs, loop prevention, multicast, vPC, LACP, ACLs, VXLAN, SPAN, ERSPAN, NetFlow 9, vTracker, vCenter Server plug-ins, Enhanced QoS, and Cisco vPath 2.0
 
    Advanced adds:
    Security: DHCP Snooping, IP Source Guard, Dynamic ARP Inspection, Cisco TrustSec SGT (security group tagging) support
    
    Both support Virtual Services Node with VSG, ASA 1000V, vWAAS, vNAM, etc...
 
    VXLAN
        Fixes the limitation of only being able to have 4096 VLANs (don't forget some are reserved)
        Has a 24-bit header with MAC-in-IP encapsulation, which allows millions upon millions of VLANs
        Dot1Q encapsulation into an IP header
        Also used to secure VLANs between users and customers
        Within each VXLAN you can have up to 4096 VLANs
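
To make the VXLAN notes above concrete, here is an added example (not from the video or the original post) that builds and parses the 8-byte VXLAN header as laid out in RFC 7348 and pulls out both the 24-bit VNI and the inner 12-bit 802.1Q VLAN ID. The sample frame, MAC addresses and VNI 70000 are constructed values.

```python
import struct

VXLAN_FLAG_I = 0x08        # "I" flag: the VNI field is valid (RFC 7348)
ETHERTYPE_DOT1Q = 0x8100

# Constructed sample: inner Ethernet frame tagged with VLAN 100, carrying IPv4.
SAMPLE_INNER = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + struct.pack("!HHH", ETHERTYPE_DOT1Q, 100, 0x0800) + b"payload")


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Prepend the 8-byte VXLAN header to an inner Ethernet frame."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    # word0 = flags(8) | reserved(24); word1 = VNI(24) | reserved(8)
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def parse_vxlan(udp_payload: bytes) -> dict:
    """Parse a UDP payload as VXLAN and describe the inner frame."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    flags = word0 >> 24
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI is not valid")
    # Reserved bits are sent as zero; a receiver ignores them, but a monitor
    # can treat non-zero values as an anomaly worth a closer look.
    reserved_nonzero = bool((flags & ~VXLAN_FLAG_I) or (word0 & 0xFFFFFF) or (word1 & 0xFF))
    inner = udp_payload[8:]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    vlan = None
    if ethertype == ETHERTYPE_DOT1Q:
        if len(inner) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", inner[14:18])
        vlan = tci & 0x0FFF     # 12-bit VLAN ID: the 4096 limit
    return {"vni": word1 >> 8, "inner_vlan": vlan, "inner_ethertype": ethertype,
            "inner_dst": inner[0:6].hex(":"), "inner_src": inner[6:12].hex(":"),
            "reserved_nonzero": reserved_nonzero}


if __name__ == "__main__":
    print(parse_vxlan(build_vxlan(70000, SAMPLE_INNER)))
```

VNI 70000 is outside the 0-4095 range a 12-bit VLAN ID can express, while the inner frame still carries its own VLAN 100 tag.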
    
    vPath 2.0
         Always running in a VEM
                Directs traffic to a VSN, which applies security or optimization policy and sends the packet back to the VEM
         Once enough traffic (a very small amount) has been transferred to the VSN and back to determine a legitimate flow, the VSN downloads information to the VEM to fast-switch traffic directly. (This is very similar to a modular switch's distributed line card feature.)
         Only new traffic flows must first be sent to the VSN; subsequent traffic is forwarded directly by the VEM on ESXi hosts.
 